140Char

Twitter has been hit by the first major effort to ‘phish‘ account details and spam users with links to a fake login page by Direct Messages from comprimised accounts.

The Twitter team has responded with a warning on the main web access page, and a warning on the Twitter blog. You can see the uproar it’s causing on Twitter via Twitter Search.

Currently the DMs are enticing people with:

• Here’s a funny blog about you
• Your picture is on this blog
• You’ve won a free iphone

Luckily the phishers are at least sticking to the grand tradition of email spamming by either trying to entice you with a blatantly ‘too good to be true’ offer, or something personal with the link to a fake Twitter log-in page displayed in full, so hopefully the word has spread to most people.

However, this is likely to be just the start. As Pete Cashmore pointed out at Mashable, this is a sign Twitter has reached a big enough size to be a viable target for scams - a positive sign for Twitter’s growth perhaps, but also a sign that the scammers and spammers are coming, with pretty big implications for Twitter users.

Shortened urls:

For starters, we were all lucky in some ways that the bloggers obviously aren’t familiar with Twitter culture, and were displaying the full url of the fake website, meaning that even if the DM came from someone we absolutely trusted, we had a warning before clicking.

But given that the character limit of Twitter means that shortened urls are the norm, it will make it almost impossible to detect whether a link is likely to be fake before at least visiting it - meaning an urgent need for preview functionality of shortened urls at the bare minimum.

Warning systems:

A lot of Twitter users picked up on the scam emails via friends, and stayed up to date with information via the #phishing hash tag etc - Twitter responded promptly with a warning on the website and blog. But what about the many, many people using a client to access Twitter and their Direct Messages? And those using mobiles to access the service?

Will everyone get a warning via each client and application? Unlikely at the moment, unless there is a type of ‘emergency signal’ which could be broadcast across all clients and apps.

Verified App Store:

Which brings me to the next possible implication - a few people have suggested that the fake log in page is in fact working as a Twitter application to utilise the stolen accounts and passwords.

It’s long been a matter of contention for users and app developers that any 3rd party application which requires a certain level of functionality has to ask for usernames and passwords - but now the 3rd party developers could be hit by a huge loss of trust from users.

So could this be an opportunity for a verified and approved Twitter application resource? Possibly monetised by charging a fee for consumers (unlikely), or for developers to have their application tested and approved (more likely)?

This could have implications for the speed and amount of Twitter applications and clients being produced, and also move such development away from bedroom coders depending on the fees for such services.

It certainly means that there could be a move for more users to utilise more than one Twitter account to allow them to test applications and clients etc without comprimising their main account.

So what other implications do you think the arrival of large scale phishing attacks could have on Twitter - and what suggestions do you have for other Tweeple - and Twitter itself, to try to minimise the damage of future attacks?

It’s a popular question today, after both Techcrunch and Mashable covered the launch of The New Platforms Fund, which will invest between $1000-$3000 in 10 ideas (plus human support), in exchange for a minor equity stake.

Techcrunch was pretty disparaging about the idea (headline: If you are really, really desperate for cash, these guys will give you $3k) Mashable’s take was a bit more open about the diea.

If you want to apply, the form is here.

But what is quite interesting is the debate in the TC comments around how much this could actually fund - obviously it’s not enough to pay for a team of developers for a year, but could it help 1 or 2-person start-ups just out of college to spend a month or two on one idea?

Or, given the current state of the economy and job market, could it be enough to make the mortgage payment for a month whilst you try something different? Or to get the services of a developer or designer for a week or two to make a simple concept into reality?

After all, Stocktwits got more funding after just two months.

But do you think $1-3k is enough to get something started? And is it worth giving up some equity in order to reach another round of funding?

Just caught up with two new applications making use of your Twitter data:

The first is a fun little thing called Tweet 3D. It’s a Tweet cloud - but in 3D! Not exactly about to start a revolution, but quite a pleasant and enjoyable way to display your most common tweet terms. You can check out mine here.

Meanwhile, there’s been some murmurs about What’s Your Tweet Worth?, which claims to value your Twitter account - presumably on the number of followers and posts. Unfortunately there are a few slight problems.

1. Apparently my valuation indicates I’ve made 200 updates. So underreporting by 4221 at the time of writing.

2. The site discloses that it’s sponsored by Twitads, which is good and honest - but in immediately suggesting people use the tool and then rush to Twitads to sell their profile backgrounds, it really rams home the fact that capitalism is coming to Twittersville.

3. There’s always been one major problem with any valuation service like this, whether it’s for blogs, microblogs, social networking profiles etc. The value of something is determined by what someone will pay for it - not by the number of contacts and links. They might provide the world’s roughest guide to possible popularity, but only in as much as an older antique might be worth more than a younger one, possibly, all other things being equal.

If I was buying a Twitter account or background, I wouldn’t look at the totals. I’d want to know who is following the account? What professions are they in? What demeorgraphic are they? Are they likely to be interested in my product? Are they likely to buy my product? Is the account posting quality content likely to have an impact on sales when I advertise on it? Etc.

And then I’d probably go and start my own account instead, for free, and connect with people that are really interested in what I’m offering.

For the record, my account is supposedly worth $44.32 per month. So, as it’s on Twittads as a test, let’s see if the valuation finds me the buyer I haven’t attracted so far!

I actually posted my thoughts on Twitter, earthquakes, and how major news sites are going to increasingly lose their advantages on breaking news on my other blog, www.thewayoftheweb.net, but obviously it also needs flagging up here.

I’ve tried to provide ways in which the news companies can adapt and evolve to embrace the new technology, but whether or not they’re capable of thinking in terms of changing quickly enough will be interesting…

I’d love to hear more thoughts on how applications like Twitter are affecting other people’s news diet…

Incidentally, you can see our first thoughts on earthquake messages on Twitter here. And it was online before the BBC, and around the same time as CNN!